package com.oauth2.springsecurityoauth2demo.config;

import com.oauth2.springsecurityoauth2demo.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

import java.util.ArrayList;
import java.util.List;

/**
 * 授权服务器配置
 *
 * @author wangning
 * @create 2021-03-30 20:10
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

	@Autowired
	private PasswordEncoder passwordEncoder;

	@Autowired
	private AuthenticationManager authenticationManager;

	@Autowired
	private UserService userService;

//	@Autowired
//	@Qualifier("redisTokenStore")
//	private TokenStore redisTokenStore;

	@Autowired
	@Qualifier("jwtTokenStore")
	private TokenStore tokenStore;

	@Autowired
	private JwtAccessTokenConverter jwtAccessTokenConverter;

	@Autowired
	@Qualifier("getJwtTokenEnhancer")
	private JwtTokenEnhancer jwtTokenEnhancer;

	/**
	 * 使用密码模式所需配置
	 *
	 * @param endpoints
	 * @throws Exception
	 */
	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		//配置JWT内容增强器
		TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
		List<TokenEnhancer> delegates = new ArrayList<>();
		delegates.add(jwtAccessTokenConverter);
		delegates.add(jwtTokenEnhancer);
		enhancerChain.setTokenEnhancers(delegates);

		endpoints.authenticationManager(authenticationManager)
				.userDetailsService(userService)
				.tokenStore(tokenStore)
				.accessTokenConverter(jwtAccessTokenConverter)
				.tokenEnhancer(enhancerChain);

//				.tokenStore(redisTokenStore);
	}

	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
		clients.inMemory()
				//配置client-id
				.withClient("admin")
				//配置client-secret
				.secret(passwordEncoder.encode("112233"))
				//配置访问的token有效期
				.accessTokenValiditySeconds(3600)
				//配置redirect_url,用于授权成功后跳转
				.redirectUris("http://www.baidu.com")
				//配置申请令牌的权限范围
				.scopes("all")
				//授权方式，只能是授权码模式
				.authorizedGrantTypes("password","refresh_token");

	}
}
